Merge branch 'master' of https://github.com/v2ray/v2ray-core

2025-02-20 23:47:21 -05:00 · 2017-02-14 10:13:13 +01:00 · 2017-02-14 10:13:13 +01:00 · 8d6a4d0a8a
commit 8d6a4d0a8a
parent 0d83330ced d5b1762865
5 changed files with 50 additions and 65 deletions
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@ -71,6 +71,7 @@ type AuthenticationReader struct {
 	auth     Authenticator
 	buffer   *buf.Buffer
 	reader   io.Reader
 	sizeMask uint16
 	chunk []byte
 }
@ -79,11 +80,12 @@ const (
 	readerBufferSize = 32 * 1024
 )
-func NewAuthenticationReader(auth Authenticator, reader io.Reader) *AuthenticationReader {
+func NewAuthenticationReader(auth Authenticator, reader io.Reader, sizeMask uint16) *AuthenticationReader {
 	return &AuthenticationReader{
 		auth:     auth,
 		buffer:   buf.NewLocal(readerBufferSize),
 		reader:   reader,
 		sizeMask: sizeMask,
 	}
 }
@ -91,7 +93,7 @@ func (v *AuthenticationReader) NextChunk() error {
 	if v.buffer.Len() < 2 {
 		return errInsufficientBuffer
 	}
-	size := int(serial.BytesToUint16(v.buffer.BytesTo(2)))
+	size := int(serial.BytesToUint16(v.buffer.BytesTo(2)) ^ v.sizeMask)
 	if size > v.buffer.Len()-2 {
 		return errInsufficientBuffer
 	}
@ -171,13 +173,15 @@ type AuthenticationWriter struct {
 	auth     Authenticator
 	buffer   []byte
 	writer   io.Writer
 	sizeMask uint16
 }
-func NewAuthenticationWriter(auth Authenticator, writer io.Writer) *AuthenticationWriter {
+func NewAuthenticationWriter(auth Authenticator, writer io.Writer, sizeMask uint16) *AuthenticationWriter {
 	return &AuthenticationWriter{
 		auth:     auth,
 		buffer:   make([]byte, 32*1024),
 		writer:   writer,
 		sizeMask: sizeMask,
 	}
 }
@ -187,7 +191,8 @@ func (v *AuthenticationWriter) Write(b []byte) (int, error) {
 		return 0, err
 	}
-	serial.Uint16ToBytes(uint16(len(cipherChunk)), v.buffer[:0])
+	size := uint16(len(cipherChunk)) ^ v.sizeMask
 	serial.Uint16ToBytes(size, v.buffer[:0])
 	_, err = v.writer.Write(v.buffer[:2+len(cipherChunk)])
 	return len(b), err
 }
--- a/common/crypto/auth_test.go
+++ b/common/crypto/auth_test.go
@ -6,17 +6,19 @@ import (
 	"crypto/rand"
 	"io"
 	"testing"
 	"time"
 	"v2ray.com/core/common/buf"
 	. "v2ray.com/core/common/crypto"
 	"v2ray.com/core/common/dice"
 	"v2ray.com/core/testing/assert"
 )
 func TestAuthenticationReaderWriter(t *testing.T) {
 	assert := assert.On(t)
 	sizeMask := uint16(dice.Roll(65536))
 	key := make([]byte, 16)
 	rand.Read(key)
 	block, err := aes.NewCipher(key)
@ -38,7 +40,7 @@ func TestAuthenticationReaderWriter(t *testing.T) {
 			Content: iv,
 		},
 		AdditionalDataGenerator: &NoOpBytesGenerator{},
-	}, cache)
+	}, cache, sizeMask)
 	nBytes, err := writer.Write(payload)
 	assert.Error(err).IsNil()
@ -53,7 +55,7 @@ func TestAuthenticationReaderWriter(t *testing.T) {
 			Content: iv,
 		},
 		AdditionalDataGenerator: &NoOpBytesGenerator{},
-	}, cache)
+	}, cache, sizeMask)
 	actualPayload := make([]byte, 16*1024)
 	nBytes, err = reader.Read(actualPayload)
@ -68,6 +70,8 @@ func TestAuthenticationReaderWriter(t *testing.T) {
 func TestAuthenticationReaderWriterPartial(t *testing.T) {
 	assert := assert.On(t)
 	sizeMask := uint16(dice.Roll(65536))
 	key := make([]byte, 16)
 	rand.Read(key)
 	block, err := aes.NewCipher(key)
@ -89,7 +93,7 @@ func TestAuthenticationReaderWriterPartial(t *testing.T) {
 			Content: iv,
 		},
 		AdditionalDataGenerator: &NoOpBytesGenerator{},
-	}, cache)
+	}, cache, sizeMask)
 	writer.Write([]byte{'a', 'b', 'c', 'd'})
@ -119,7 +123,7 @@ func TestAuthenticationReaderWriterPartial(t *testing.T) {
 			Content: iv,
 		},
 		AdditionalDataGenerator: &NoOpBytesGenerator{},
-	}, pr)
+	}, pr, sizeMask)
 	actualPayload := make([]byte, 7*1024)
 	nBytes, err = reader.Read(actualPayload)
--- a/proxy/vmess/encoding/client.go
+++ b/proxy/vmess/encoding/client.go
@ -119,6 +119,7 @@ func (v *ClientSession) EncodeRequestHeader(header *protocol.RequestHeader, writ
 func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer {
 	var authWriter io.Writer
 	sizeMask := serial.BytesToUint16(v.requestBodyKey[:2])
 	if request.Security.Is(protocol.SecurityType_NONE) {
 		if request.Option.Has(protocol.RequestOptionChunkStream) {
 			auth := &crypto.AEADAuthenticator{
@ -126,7 +127,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authWriter = crypto.NewAuthenticationWriter(auth, writer)
+			authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
 		} else {
 			authWriter = writer
 		}
@ -139,7 +140,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authWriter = crypto.NewAuthenticationWriter(auth, cryptionWriter)
+			authWriter = crypto.NewAuthenticationWriter(auth, cryptionWriter, sizeMask)
 		} else {
 			authWriter = cryptionWriter
 		}
@ -155,7 +156,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authWriter = crypto.NewAuthenticationWriter(auth, writer)
+		authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
 	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
 		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
@ -167,7 +168,7 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authWriter = crypto.NewAuthenticationWriter(auth, writer)
+		authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
 	}
 	return buf.NewWriter(authWriter)
@ -214,6 +215,7 @@ func (v *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
 func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
 	var authReader io.Reader
 	sizeMask := serial.BytesToUint16(v.responseBodyKey[:2])
 	if request.Security.Is(protocol.SecurityType_NONE) {
 		if request.Option.Has(protocol.RequestOptionChunkStream) {
 			auth := &crypto.AEADAuthenticator{
@ -221,7 +223,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authReader = crypto.NewAuthenticationReader(auth, reader)
+			authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
 		} else {
 			authReader = reader
 		}
@ -232,7 +234,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authReader = crypto.NewAuthenticationReader(auth, v.responseReader)
+			authReader = crypto.NewAuthenticationReader(auth, v.responseReader, sizeMask)
 		} else {
 			authReader = v.responseReader
 		}
@ -248,7 +250,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authReader = crypto.NewAuthenticationReader(auth, reader)
+		authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
 	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
 		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
@ -260,7 +262,7 @@ func (v *ClientSession) DecodeResponseBody(request *protocol.RequestHeader, read
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authReader = crypto.NewAuthenticationReader(auth, reader)
+		authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
 	}
 	return buf.NewReader(authReader)
--- a/proxy/vmess/encoding/server.go
+++ b/proxy/vmess/encoding/server.go
@ -237,6 +237,7 @@ func (v *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.Request
 func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
 	var authReader io.Reader
 	sizeMask := serial.BytesToUint16(v.requestBodyKey[:2])
 	if request.Security.Is(protocol.SecurityType_NONE) {
 		if request.Option.Has(protocol.RequestOptionChunkStream) {
 			auth := &crypto.AEADAuthenticator{
@ -244,7 +245,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authReader = crypto.NewAuthenticationReader(auth, reader)
+			authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
 		} else {
 			authReader = reader
 		}
@ -257,7 +258,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authReader = crypto.NewAuthenticationReader(auth, cryptionReader)
+			authReader = crypto.NewAuthenticationReader(auth, cryptionReader, sizeMask)
 		} else {
 			authReader = cryptionReader
 		}
@ -273,7 +274,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authReader = crypto.NewAuthenticationReader(auth, reader)
+		authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
 	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
 		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
@ -285,7 +286,7 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authReader = crypto.NewAuthenticationReader(auth, reader)
+		authReader = crypto.NewAuthenticationReader(auth, reader, sizeMask)
 	}
 	return buf.NewReader(authReader)
@ -310,6 +311,7 @@ func (v *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
 func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writer io.Writer) buf.Writer {
 	var authWriter io.Writer
 	sizeMask := serial.BytesToUint16(v.responseBodyKey[:2])
 	if request.Security.Is(protocol.SecurityType_NONE) {
 		if request.Option.Has(protocol.RequestOptionChunkStream) {
 			auth := &crypto.AEADAuthenticator{
@ -317,7 +319,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authWriter = crypto.NewAuthenticationWriter(auth, writer)
+			authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
 		} else {
 			authWriter = writer
 		}
@ -328,7 +330,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
 				NonceGenerator:          crypto.NoOpBytesGenerator{},
 				AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 			}
-			authWriter = crypto.NewAuthenticationWriter(auth, v.responseWriter)
+			authWriter = crypto.NewAuthenticationWriter(auth, v.responseWriter, sizeMask)
 		} else {
 			authWriter = v.responseWriter
 		}
@ -344,7 +346,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authWriter = crypto.NewAuthenticationWriter(auth, writer)
+		authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
 	} else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
 		aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
@ -356,7 +358,7 @@ func (v *ServerSession) EncodeResponseBody(request *protocol.RequestHeader, writ
 			},
 			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 		}
-		authWriter = crypto.NewAuthenticationWriter(auth, writer)
+		authWriter = crypto.NewAuthenticationWriter(auth, writer, sizeMask)
 	}
 	return buf.NewWriter(authWriter)
--- a/transport/internet/websocket/ws.go
+++ b/transport/internet/websocket/ws.go
@ -1,33 +1,5 @@
 /*Package websocket implements Websocket transport
 Websocket transport implements a HTTP(S) compliable, surveillance proof transport method with plausible deniability.
 To configure such a listener, set streamSettings to be ws. A http(s) listener will be listening at the port you have configured.
 There is additional configure can be made at transport configure.
 "wsSettings":{
      "Path":"ws", // the path our ws handler bind
      "Pto": "wss/ws", // the transport protocol we are using ws or wss(listen ws with tls)
      "Cert":"cert.pem", // if you have configured to use wss, configure your cert here
      "PrivKey":"priv.pem" //if you have configured to use wss, configure your privatekey here
    }
 To configure such a Dialer, set streamSettings to be ws.
 There is additional configure can be made at transport configure.
 "wsSettings":{
      "Path":"ws", // the path our ws handler bind
      "Pto": "wss/ws", // the transport protocol we are using ws or wss(listen ws with tls)
    }
 It is worth noting that accepting a non-valid cert is not supported as a self-signed or invalid cert can be a sign of a website that is not correctly configured and lead to additional investigation.
 This transport was disscussed at
 https://github.com/v2ray/v2ray-core/issues/224
 */
 package websocket